ldapauth README
---------------
This module came out of my specific needs in search of a possible solution to
use a member directory for authentication. I am still not sure if this is the
best approach to this problem, but it works! I have tested it under a fair
amount of load.
So, if you happen to use it, please forward your setup, thoughts, ideas and
inputs to me. email: zadk@mynet.com jid: zad@jabber.org
Module Description
------------------
The module has a simple purpose: to bypass the standard jabber server
authentication and perform authentication (NOT registration) against an LDAP
directory. As an example, I have a membership directory for my site which has
recorded a number of users, and I want my current users to use jabber IM.
However, I want the jabber specific data (such as roster) to still remain on the
xdb (spool). Only authentication is to be performed against the LDAP. Currently
ldapauth supports 2 of the 3 jabber authentication types, namely
plain text and digest (which uses the Secure Hash Algorithm, SHA1).
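An added example, not part of ldapauth or of this README: in jabber:iq:auth the
digest is the hex SHA1 of the stream ID followed by the password, so a server
can only check it if it can obtain the cleartext password, while a plain text
login can also be checked against a hashed directory value. The directory
contents, user names and stream ID below are constructed, and how ldapauth
itself reads the directory is not described here.

```python
import base64
import hashlib
import hmac

def sha_scheme(password):
    """LDAP {SHA} userPassword value: base64 of the raw SHA1 of the password."""
    raw = hashlib.sha1(password.encode("utf-8")).digest()
    return "{SHA}" + base64.b64encode(raw).decode("ascii")

# Constructed directory (assumption): uid -> stored userPassword value.
DIRECTORY = {
    "alice": "correct horse",        # stored in cleartext
    "bob": sha_scheme("hunter2"),    # stored hashed
}

def iq_auth_digest(stream_id, password):
    """What the client sends: lowercase hex SHA1 of stream id + password."""
    return hashlib.sha1((stream_id + password).encode("utf-8")).hexdigest()

def same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode("utf-8"), b.encode("utf-8"))

def check_plain(user, password):
    """Plain auth can be verified against cleartext or hashed storage."""
    stored = DIRECTORY.get(user)
    if stored is None:
        return False
    if stored.startswith("{SHA}"):
        return same(sha_scheme(password), stored)
    return same(password, stored)

def check_digest(user, stream_id, client_digest):
    """Digest auth needs the cleartext to recompute SHA1(stream_id + password)."""
    stored = DIRECTORY.get(user)
    if stored is None or stored.startswith("{SHA}"):
        return False  # nothing to recompute the digest from
    return same(iq_auth_digest(stream_id, stored), client_digest.strip().lower())

if __name__ == "__main__":
    sid = "3C7A2F19"  # constructed stream id
    print(check_digest("alice", sid, iq_auth_digest(sid, "correct horse")))
    print(check_digest("bob", sid, iq_auth_digest(sid, "hunter2")))
    print(check_plain("bob", "hunter2"))
```

Because the stream ID changes per connection, a digest captured on one stream
does not verify on another, but the directory entry has to stay readable in
cleartext for digest logins to work at all.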
I have used this module with jabber server 1.4.1 running on redhat 6.2/7.1,
and Microsoft Membership Directory (Siteserver 3.0) running on Windows 2000
servers since August 2001 under an average of 4k daily logins. It has been set
up and run under other configurations (Redhat 7.1 and openLDAP are the first to
come to my mind, but I'm sure there are others on the jadmin and jdev lists
who have tested other environments).
In order to handle ldapauth registration, as is, there has to be some sort of
script or process which creates a "minimum" user xml under the spool as the user
signs up for the service. This shouldn't be hard to implement.
ldapauth Setup
--------------
1 - Edit the server config file. Add the ldapauth modules (printed in red) and
remove the mod_auth_plain, mod_auth_digest and mod_auth_0k modules. Mine looks
something like this after editing:
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
./jsm/jsm.so
2 - Replace mod_register.c if you don't want the user password to be saved in
'user.xml'. This should work for ldapauth2 as well although I haven't tested
with it.
3 - Add the new ldapchk tag to jabber.xml. I put mine right after tag
210.10.1.48
1004
cn=admin,ou=members,o=mysite1
taz1
ou=members, o=mysite1
4 - Edit the jabber-1.4.1/platform-settings file and add the LDAP lib to
the 'LIBS' environment variable. Mine was nss_ldap-2.1.3 (note that this file
will be overwritten every time you run configure). Typical LIBS looks like this:
LIBS= -lpth -ldl -lresolv -lnss_ldap-2.1.3
5 - Edit jsm/Makefile and jsm/modules/Makefile. Add mod_auth_ldap_z.o and
mod_auth_ldap_digest.o to jsm_EXOBJECTS. Example:
jsm_EXOBJECTS = \
modules/mod_admin.o \
modules/mod_agents.o \
modules/mod_browse.o \
modules/mod_announce.o \
modules/mod_auth_ldap_z.o \
modules/mod_auth_ldap_digest.o \
.
.
.
6 - Run 'make'.
Good luck,
Zad
JID: zad@jabber.org